Processing rule modification method, apparatus and device

ABSTRACT

A method includes receiving, by a forwarder, rule modification information sent by a controller. The rule modification information includes rule description match information and action instruction modification information. The rule description match information is used to determine a to-be-modified processing rule. Rule description information of the to-be-modified processing rule accords with the rule description match information, and the action instruction modification information is used to instruct to modify an action instruction specified in an instruction set of the to-be-modified processing rule. The method also includes modifying, by the forwarder, when the forwarder determines that rule description information of a first processing rule meets the rule description match information, an action instruction specified in an instruction set of the first processing rule according to the action instruction modification information.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.15/222,777, filed on Jul. 28, 2016, which is a continuation ofInternational Application No. PCT/CN2014/071609, filed on Jan. 28, 2014.All of the afore-mentioned patent applications are hereby incorporatedby reference in their entireties.

TECHNICAL FIELD

The present disclosure relates to the communications field, and inparticular embodiments, to a processing rule modification method,apparatus, and device.

BACKGROUND

To implement deployment flexibility and manageability of networkelements, the industry proposes a software-defined networking (SDN)concept. SDN decouples control logic of the network elements from theirforwarding functions, and deploys the control logic of all the networkelements in a centralized manner, so that control and maintenance workof a network can be simply implemented by performing an operation on acontrol plane device. Therefore, management efficiency of the network isincreased, a forwarding plane device is simpler, and high performanceand reusability of the forwarding plane device can be easily achieved.

In actual application, an SDN network generally includes a controllerthat functions as a control plane device and a forwarder that functionsas a forwarding plane device. The controller uses processing rules ofthe forwarder to perform control on a data packet processing process.Each processing rule includes match field information and an instructionset including one or more action instructions. The match fieldinformation is used to determine a to-be-matched data packet, that is, adata packet corresponding to the processing rule. The instruction set isused to instruct to perform, according to an action instruction in theinstruction set, processing on the data packet corresponding to theprocessing rule. Each action instruction optionally includes an actiontype and an action parameter. The action type and the action parameterare collectively referred to as an action variable of an actioninstruction in the present disclosure. Usually, the processing rule mayfurther include an identifier or an index of the processing rule. Thematch field information of the processing rule and the identifier orindex of the processing rule may be referred to as rule descriptioninformation of the processing rule. The rule description information ofthe processing rule may be used to identify the processing rule. Itshould be noted that, the rule description information being used toidentify the processing rule does not necessarily mean uniquelyidentifying a processing rule. Different processing rules may have samerule description information.

The OpenFlow protocol is a most typical and most widely applied protocolin an SDN network. Network elements in the OpenFlow protocol include anOpenFlow controller and an OpenFlow forwarder (Openflow Switch), whichare respectively referred to as an OF controller and an OF forwarder forshort below. Data packet processing in the OpenFlow protocol isperformed based on a service flow granularity. Each service flow may berepresented by a combination of different packet header fields, such asa source Media Access Control (MAC) address, a destination MAC address,a source Internet Protocol (IP) address, a destination IP address, asource port number, and a destination port number. The OF forwarderstores a processing rule of the flow granularities in a flow table ofthe OF forwarder. Therefore, a processing rule in the OpenFlow protocolis also referred to as a flow entry. The following Table 1 shows astructure of each flow entry.

TABLE 1 Match Field Priority Counter Instructions Timeout Cookie

Each flow entry includes a match field, a priority, a counter, aninstruction set, a timeout, a cookie, and the like. The match field maybe considered as rule description information of the flow entry. Theinstruction set includes an action instruction corresponding to the flowentry. An action variable of each action instruction includes an actiontype and an action parameter. In this case, the rule descriptioninformation may further be used to determine a data packet correspondingto the processing rule, and the data packet corresponding to theprocessing rule accords with the rule description information.

When the OF forwarder receives a data packet of a user, the OF forwardermatches the data packet with a match field of each flow entry. The OFforwarder then performs, according to a successfully matched flow entry,an action included in an instruction set on the data packet. In thisway, forwarding, modification, and other control processing of the datapacket are implemented.

The OpenFlow protocol uses a flow modification (Flow_mod) message foraddition, modification, and deletion of a flow entry. A main structureof each Flow_mod message is as follows: Flow_mod={message type(MsgType), table ID, match rule, Instructions (Action 1, Action 2, . . .Action n)}. When a flow entry is being modified, the Flow_mod messageincludes an identifier that Msg_Type is Modify or Modify_Strict torespectively indicate non-strict match modification and strict matchmodification on the flow entry. Strict match modification is to changean instruction set of a flow entry whose match field is completely thesame as a match rule carried in a Flow_mod message to an instruction setcarried in the Flow_mod message. Non-strict match modification is tochange instruction sets of all flow entries whose match fields arecovered by a match rule carried in a Flow_mod message to an instructionset carried in the Flow_mod message. A difference between the two typesof modification is illustrated below.

For the following three flow entries stored in a flow table (thefollowing examples and embodiments to be described provide only somecontent of flow entries related to this disclosure, and other fields,such as timeouts and cookie, are irrelevant to the present disclosureand are not listed herein):

flow entry 1: match rule (Match rule) (src_ip=ip1, dst_ip=ip2,protocol=TCP, dst_port=80), instructions (action1, action4);

flow entry 2: Match rule (src_ip=ip1, dst_ip=ip2, protocol=UDP,dst_port=53), instructions (action2, action4); and

flow entry3: Match rule (src_ip=ip1, dst_ip=ip2), instructions (action₃,action₄).

It is assumed that information carried in a Flow_mod message is:Msg_type, match rule (src_ip=ip1, dst_ip=ip2), instructions (action4,action5). If Msg_Type carried in the Flow_mod message is Modify_Strict,instructions in the flow entry 3 are replaced with instructions(action4, action5) because only the flow entry 3 completely matches thematch rule carried in the Flow_mod message; if Msg_Type carried in theFlow_mod message is Modify, instructions in the flow entries 1, 2, and 3are all replaced with instructions (action4, action5) because the matchrule in the Flow_mod message is included in all the flow entries 1, 2,and 3.

It can be learned from the foregoing description and examples that oneor more flow entries can be modified in batches by means of strict matchmodification or non-strict match modification in a flow entrymodification method defined in the OpenFlow protocol. However, themodification is limited only to complete replacement of an originalinstruction set of a flow entry with an instruction set carried in aFlow_mod message.

This modification method is excessively inflexible, leads to lowmodification efficiency in most cases, and occupies more communicationresources between an OF controller and an OF forwarder.

SUMMARY

Embodiments provide a processing rule modification method, apparatus anddevice, which can increase efficiency in modifying a processing rule ina forwarder, and reduce occupied communication resources between acontroller and the forwarder.

According to a first aspect, a processing rule modification apparatus isprovided. The modification apparatus stores a first processing rule,where the first processing rule includes rule description informationand an instruction set. The rule description information is used toidentify the first processing rule. The instruction set includes atleast one action instruction. The instruction set is used to instruct toperform, according to the action instruction in the instruction set,processing on a data packet corresponding to the first processing rule.The apparatus includes a receiving unit configured to receive rulemodification information sent by a controller. The rule modificationinformation includes rule description match information and actioninstruction modification information, where the rule description matchinformation is used to determine a to-be-modified processing rule. Ruledescription information of the to-be-modified processing rule accordswith the rule description match information, and the action instructionmodification information is used to instruct to modify an actioninstruction specified in an instruction set of the to-be-modifiedprocessing rule. The apparatus also includes a modification unit,configured to modify an action instruction specified in the instructionset of the first processing rule according to the action instructionmodification information received by the receiving unit, when it isdetermined that the rule description information of the first processingrule accords with the rule description match information received by thereceiving unit.

With reference to the first aspect, in a first possible implementationmanner of the first aspect, the action instruction modificationinformation includes an action instruction match condition andmodification operation information, where the action instruction matchcondition is used to determine a to-be-modified action instruction, andthe modification operation information is used to indicate amodification operation on the to-be-modified action instruction. Themodification unit includes an instruction determining subunit configuredto determine a first action instruction to be modified in theinstruction set of the first processing rule according to the actioninstruction match condition when it is determined that the ruledescription information of the first processing rule accords with therule description match information received by the receiving unit. Themodification unit also includes a modification subunit configured tomodify the first action instruction according to the modificationoperation information.

With reference to the first possible implementation manner of the firstaspect, in a second possible implementation manner of the first aspect,the action instruction match condition includes location information,and the location information is used to indicate a location of theto-be-modified action instruction in the instruction set of theto-be-modified processing rule. The instruction determining subunit isconfigured to determine the first action instruction according to thelocation information when it is determined that the rule descriptioninformation of the first processing rule accords with the ruledescription match information received by the receiving unit.

With reference to the second possible implementation manner of the firstaspect, in a third possible implementation manner of the first aspect,the location information includes a first mask, and a location of eachmask bit in the first mask corresponds to a location of each actioninstruction in the instruction set of the to-be-modified processingrule. The instruction determining subunit is configured to determine amask bit being a preset value from the first mask; and determine thefirst action instruction according to a location of the mask bit beingthe preset value when it is determined that the rule descriptioninformation of the first processing rule accords with the ruledescription match information received by the receiving unit.

With reference to the second possible implementation manner of the firstaspect, in a fourth possible implementation manner of the first aspect,the location information includes a modification indication list, themodification indication list includes a modification indication, and alocation of each modification indication in the modification indicationlist corresponds to a location of each action instruction in theinstruction set of the to-be-modified processing rule, where themodification indication is used to indicate whether to modify the actioninstruction. The instruction determining subunit is configured to, whenit is determined that the rule description information of the firstprocessing rule accords with the rule description match informationreceived by the receiving unit, determine a modification indication thatis used to indicate action instruction modification. The instructiondetermining subunit is also configured to determine, according to afirst location of the modification indication that is used to indicateaction instruction modification in the modification indication list, thefirst action instruction corresponding to the first location.

With reference to the first possible implementation manner of the firstaspect, in a fifth possible implementation manner of the first aspect,the action instruction match condition includes instruction typeinformation, and the instruction type information is used to indicate aninstruction type of the to-be-modified action instruction. Theinstruction determining subunit is configured to determine the firstaction instruction according to the instruction type information when itis determined that the rule description information of the firstprocessing rule accords with the rule description match informationreceived by the receiving unit.

With reference to the first possible implementation manner of the firstaspect, and/or the second possible implementation manner of the firstaspect, and/or the third possible implementation manner of the firstaspect, and/or the fourth possible implementation manner of the firstaspect, and/or the fifth possible implementation manner of the firstaspect, in a sixth possible implementation manner of the first aspect,the modification operation information includes a new actioninstruction. The modification subunit is configured to change the firstaction instruction to the new action instruction.

With reference to the first possible implementation manner of the firstaspect, and/or the second possible implementation manner of the firstaspect, and/or the third possible implementation manner of the firstaspect, and/or the fourth possible implementation manner of the firstaspect, and/or the fifth possible implementation manner of the firstaspect, in a seventh possible implementation manner of the first aspect,the modification operation information includes parameter modificationindication information, and the parameter modification indicationinformation is used to instruct to modify an action variable of theto-be-modified action instruction. The modification subunit isconfigured to modify an action variable of the first action instructionaccording to the parameter modification indication information.

With reference to the seventh possible implementation manner of thefirst aspect, in an eighth possible implementation manner of the firstaspect, the parameter modification indication information includes aparameter match condition and parameter modification operationinformation, where the parameter match condition is used to determinethe to-be-modified action variable in the to-be-modified actioninstruction, and the parameter modification operation information isused to instruct to modify the to-be-modified action variable. Themodification subunit includes a determining module, configured todetermine a first action variable to be modified in the first actioninstruction according to the parameter match condition; and amodification module, configured to modify the first action variableaccording to the parameter modification operation information.

With reference to the eighth possible implementation manner of the firstaspect, in a ninth possible implementation manner of the first aspect,the parameter modification operation information includes a new variablevalue. The modification module is configured to change a variable valueof the first action variable to the new variable value.

With reference to the eighth possible implementation manner of the firstaspect, in a tenth possible implementation manner of the first aspect,the parameter modification operation information includes operationalmethod information, and the operational method information is used toindicate an operational method for obtaining a variable value. Themodification module is configured to obtain a new variable valueaccording to the operational method information; and change a variablevalue of the first action variable to the new variable value.

According to a second aspect, a processing rule modification apparatusis provided, where the apparatus is applicable to a controller thatcommunicates with a forwarder, where the forwarder stores a firstprocessing rule, the first processing rule includes rule descriptioninformation and an instruction set, the rule description information isused to identify the first processing rule, the instruction set includesat least one action instruction, the instruction set is used to instructto perform, according to the action instruction in the instruction set,processing on a data packet corresponding to the first processing rule.The apparatus includes a generation unit, configured to generate rulemodification information. The apparatus also includes a sending unitconfigured to send, to the forwarder, the rule modification informationgenerated by the generation unit. The rule modification informationincludes rule description match information and action instructionmodification information. The rule description match information is usedto determine a to-be-modified processing rule. Rule descriptioninformation of the to-be-modified processing rule accords with the ruledescription match information, and the action instruction modificationinformation is used to instruct to modify an action instructionspecified in an instruction set of the to-be-modified processing rule,so that when the forwarder determines that the rule descriptioninformation of the first processing rule accords with the ruledescription match information, the forwarder modifies an actioninstruction specified in the instruction set of the first processingrule according to the action instruction modification information.

According to a third aspect, a processing rule modification method isprovided, where the method is applicable to a forwarder, where theforwarder stores a first processing rule, the first processing ruleincludes rule description information and an instruction set, the ruledescription information is used to identify the first processing rule,the instruction set includes at least one action instruction, theinstruction set is used to instruct to perform, according to the actioninstruction in the instruction set, processing on a data packetcorresponding to the first processing rule. The method includesreceiving, by the forwarder, rule modification information sent by acontroller. The rule modification information includes rule descriptionmatch information and action instruction modification information. Therule description match information is used to determine a to-be-modifiedprocessing rule. Rule description information of the to-be-modifiedprocessing rule accords with the rule description match information. Theaction instruction modification information is used to instruct tomodify an action instruction specified in an instruction set of theto-be-modified processing rule. The method also includes modifying, bythe forwarder, an action instruction specified in the instruction set ofthe first processing rule according to the action instructionmodification information when the forwarder determines that the ruledescription information of the first processing rule accords with therule description match information.

With reference to the third aspect, in a first possible implementationmanner of the third aspect, the action instruction modificationinformation includes an action instruction match condition andmodification operation information, where the action instruction matchcondition is used to determine a to-be-modified action instruction, andthe modification operation information is used to indicate amodification operation on the to-be-modified action instruction. Themodifying, by the forwarder, an action instruction specified in theinstruction set of the first processing rule according to the actioninstruction modification information includes determining, by theforwarder, a first action instruction to be modified in the instructionset of the first processing rule according to the action instructionmatch condition; and modifying, by the forwarder, the first actioninstruction according to the modification operation information.

With reference to the first possible implementation manner of the thirdaspect, in a second possible implementation manner of the third aspect,the action instruction match condition includes location information,and the location information is used to indicate a location of theto-be-modified action instruction in the instruction set of theto-be-modified processing rule. The determining, by the forwarder, afirst action instruction to be modified in the instruction set of thefirst processing rule according to the action instruction matchcondition includes determining, by the forwarder, the first actioninstruction according to the location information.

With reference to the second possible implementation manner of the thirdaspect, in a third possible implementation manner of the third aspect,the location information includes a first mask, and a location of eachmask bit in the first mask corresponds to a location of each actioninstruction in the instruction set of the to-be-modified processingrule. The determining, by the forwarder, the first action instructionaccording to the location information includes determining, by theforwarder, a mask bit being a preset value from the first mask; anddetermining, by the forwarder, the first action instruction according toa location of the mask bit being the preset value.

With reference to the second possible implementation manner of the thirdaspect, in a fourth possible implementation manner of the third aspect,the location information includes a modification indication list, themodification indication list includes a modification indication, and alocation of each modification indication in the modification indicationlist corresponds to a location of each action instruction in theinstruction set of the to-be-modified processing rule, where themodification indication is used to indicate whether to modify the actioninstruction. The determining, by the forwarder, the first actioninstruction according to the location information includes determining,by the forwarder, a modification indication that is used to indicateaction instruction modification in the modification indication list, anddetermining, by the forwarder according to a first location of themodification indication that is used to indicate action instructionmodification in the modification indication list, the first actioninstruction.

With reference to the first possible implementation manner of the thirdaspect, in a fifth possible implementation manner of the third aspect,the action instruction match condition includes instruction typeinformation, and the instruction type information is used to indicate aninstruction type of the to-be-modified action instruction. Thedetermining, by the forwarder, a first action instruction to be modifiedin the instruction set of the first processing rule according to theaction instruction match condition includes determining, by theforwarder, the first action instruction according to the instructiontype information.

With reference to the first possible implementation manner of the thirdaspect, and/or the second possible implementation manner of the thirdaspect, and/or the third possible implementation manner of the thirdaspect, and/or the fourth possible implementation manner of the thirdaspect, and/or the fifth possible implementation manner of the thirdaspect, in a sixth possible implementation manner of the third aspect,the modification operation information includes a new actioninstruction. The modifying, by the forwarder, the first actioninstruction according to the modification operation information includeschanging, by the forwarder, the first action instruction to the newaction instruction.

With reference to the first possible implementation manner of the thirdaspect, and/or the second possible implementation manner of the thirdaspect, and/or the third possible implementation manner of the thirdaspect, and/or the fourth possible implementation manner of the thirdaspect, and/or the fifth possible implementation manner of the thirdaspect, in a seventh possible implementation manner of the third aspect,the modification operation information includes parameter modificationindication information, and the parameter modification indicationinformation is used to instruct to modify an action variable of theto-be-modified action instruction. The modifying, by the forwarder, thefirst action instruction according to the modification operationinformation includes modifying, by the forwarder, an action variable ofthe first action instruction according to the parameter modificationindication information.

With reference to the seventh possible implementation manner of thethird aspect, in an eighth possible implementation manner of the thirdaspect, the parameter modification indication information includes aparameter match condition and parameter modification operationinformation, where the parameter match condition is used to determinethe to-be-modified action variable in the to-be-modified actioninstruction, and the parameter modification operation information isused to instruct to modify the to-be-modified action variable. Themodifying, by the forwarder, an action variable of the first actioninstruction according to the parameter modification indicationinformation includes determining, by the forwarder, a first actionvariable to be modified in the first action instruction according to theparameter match condition; and modifying, by the forwarder, the firstaction variable according to the parameter modification operationinformation.

With reference to the eighth possible implementation manner of the thirdaspect, in a ninth possible implementation manner of the third aspect,the parameter modification operation information includes a new variablevalue. The modifying, by the forwarder, the first action variableaccording to the parameter modification operation information includeschanging, by the forwarder, a variable value of the first actionvariable to the new variable value.

With reference to the eighth possible implementation manner of the thirdaspect, in a tenth possible implementation manner of the third aspect,the parameter modification operation information includes operationalmethod information, and the operational method information is used toindicate an operational method for obtaining a variable value. Themodifying, by the forwarder, the first action variable according to theparameter modification operation information includes obtaining, by theforwarder, a new variable value according to the operational methodinformation; and changing, by the forwarder, a variable value of thefirst action variable to the new variable value.

According to a fourth aspect, a processing rule modification method isprovided, where the method is applicable to a controller thatcommunicates with a forwarder, where the forwarder stores a firstprocessing rule, the first processing rule includes rule descriptioninformation and an instruction set, the rule description information isused to identify the first processing rule, the instruction set includesat least one action instruction, the instruction set is used to instructto perform, according to the action instruction in the instruction set,processing on a data packet corresponding to the first processing rule.The method includes sending, by the controller to the forwarder, rulemodification information. The rule modification information includesrule description match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation, and the action instruction modification information is usedto instruct to modify an action instruction specified in an instructionset of the to-be-modified processing rule, so that when the forwarderdetermines that the rule description information of the first processingrule accords with the rule description match information, the forwardermodifies an action instruction specified in the instruction set of thefirst processing rule according to the action instruction modificationinformation.

In the embodiments, a forwarder receives rule modification informationsent by a controller. The rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation, and the action instruction modification information is usedto instruct to modify an action instruction specified in an instructionset of the to-be-modified processing rule. When the forwarder determinesthat rule description information of a first processing rule accordswith the rule description match information, the forwarder modifies anaction instruction specified in an instruction set of the firstprocessing rule according to the action instruction modificationinformation. Therefore, the forwarder no longer implements modificationof the first processing rule only by using a manner similar to a mannerin which an instruction set carried in a Flow_mod message is used tocompletely replace an original instruction set of a flow entry. Instead,the forwarder can separately modify a specified action and/or aspecified action variable of the first processing rule. This manner ofmodifying the first processing rule is flexible, and increasesefficiency in modifying the first processing rule in the forwarder bythe controller. In addition, in a scenario in which only some actioninstructions need to be modified in the instruction set of the firstprocessing rule, compared with the prior art, this manner can competemodification of the action instructions in the instruction set of thefirst processing rule by using relatively fewer messages. Compared withthe prior art, this manner reduces a quantity of messages used formodifying the first processing rule, and therefore reduces occupiedcommunication resources between the controller and the forwarder.

BRIEF DESCRIPTION OF THE DRAWINGS

To describe the technical solutions in the embodiments more clearly, thefollowing briefly describes the accompanying drawings required fordescribing the embodiments or the prior art. Apparently, theaccompanying drawings in the following description show merely someembodiments, and a person of ordinary skill in the art may still deriveother drawings from these accompanying drawings without creativeefforts.

FIG. 1 is a diagram of a structure of an application scenario of aprocessing rule modification method according to an embodiment;

FIG. 2 is a schematic diagram of a first embodiment of a processing rulemodification method;

FIG. 3 is a schematic diagram of a second embodiment of a processingrule modification method;

FIG. 4 is a schematic diagram of a third embodiment of a processing rulemodification method;

FIG. 5 is a schematic diagram of a first embodiment of a processing rulemodification apparatus;

FIG. 6 is a schematic diagram of a second embodiment of a processingrule modification apparatus;

FIG. 7 is a schematic diagram of a structure of a forwarder; and

FIG. 8 is a schematic diagram of a structure of a controller.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

In some scenarios, some action instructions in an instruction set of aflow entry are supported only by the flow entry, or in many scenariosonly some action instructions in an instruction set of a flow entryactually need to be modified. Therefore, an OF controller expects tomodify some action instructions in an instruction set of a flow entry inbatches, and retains other action instructions in the instruction set ofthe flow entry at the same time. For example, for the flow entries 1 to3 exemplified in the Background section, it is assumed that the actions1, 2, and 3 indicate actions of encapsulating data packets to differenttunnels corresponding to the flow entries, the action4 indicatesforwarding a data packet from a port 1, and the action5 indicatesforwarding a data packet from a port 2. The OF controller expects tomodify the action 4 in each of the flow entries 1, 2, and 3 to theaction 5 while retaining the actions 1, 2, and 3 unchanged, so that aport that lastly forwards a data packet changes from the port 1 to theport 2. However, the OF controller cannot implement this batchmodification capability by using one Flow_mod message in the prior artbecause the prior art supports only complete replacement of aninstruction set of a flow entry. The OF controller can only modify threeprocessing rules by using three Flow_mod messages respectively, whichleads to low efficiency in modifying a flow entry in a forwarder. Inaddition, three Flow_mod messages are required to implement modificationof the flow entries 1 to 3, which occupies communication resourcesbetween the OF controller and an OF forwarder. Especially in a scenarioin which the OF forwarder has a large quantity of flow entries, thisinefficient flow entry modification may cause transmission of a largequantity of Flow_mod messages between the OF controller and the OFforwarder, decreasing efficiency in modifying the flow entries, andconsuming the communication resources between the OF controller and theOF forwarder.

In view of this, embodiments provide a processing rule modificationmethod, apparatus and device, which can increase efficiency in modifyinga processing rule in a forwarder, and reduce occupied communicationresources between a controller and the forwarder.

The processing rule modification method, apparatus and device providedin the embodiments may not only be applicable to modifying a flow entryin an OF forwarder by an OF controller in the OpenFlow protocol, butalso be applicable to modifying a processing rule in a forwarder by acontroller in another SDN network.

Referring to FIG. 1, FIG. 1 is a schematic diagram of a structure of anSDN network to which a processing rule modification method according toan embodiment is applicable. The structure includes a controller no anda forwarder 120. The controller no modifies first processing rulesstored in the forwarder 120 by sending rule modification information tothe forwarder 120. The first processing rules stored in the forwarder120 and the foregoing processing rule refer to a same object. Theprocessing rules stored in the forwarder 120 mentioned herein and beloware referred to as first processing rules, so as to distinguish thefirst processing rule from a to-be-modified processing rule.Specifically, the first processing rule may include rule descriptioninformation and an instruction set, the rule description information isused to identify the first processing rule, the instruction set includesat least one action instruction, and the instruction set is used toinstruct to perform, according to the action instruction in theinstruction set, processing on a data packet corresponding to the firstprocessing rule.

Referring to FIG. 2, FIG. 2 is a schematic diagram of a first embodimentof a processing rule modification method. The method includes thefollowing.

Step 201: A forwarder receives rule modification information sent by acontroller, where the rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation. The action instruction modification information is used toinstruct to modify an action instruction specified in an instruction setof the to-be-modified processing rule.

Step 202: When the forwarder determines that rule descriptioninformation of a first processing rule accords with the rule descriptionmatch information, the forwarder modifies an action instructionspecified in an instruction set of the first processing rule accordingto the action instruction modification information.

In this embodiment, a forwarder receives rule modification informationsent by a controller. The rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation, and the action instruction modification information is usedto instruct to modify an action instruction specified in an instructionset of the to-be-modified processing rule. Therefore, for each firstprocessing rule whose rule description information accords with the ruledescription match information, the forwarder modifies an actioninstruction specified in an instruction set of the first processing ruleaccording to the action instruction modification information. Therefore,the forwarder no longer implements modification of the first processingrule only by using a manner similar to a manner in which an instructionset carried in a Flow_mod message is used to completely replace anoriginal instruction set of a flow entry. Instead, the forwarder canseparately modify a specified action and/or a specified action variableof the first processing rule. This manner of modifying the firstprocessing rule is flexible, and increases efficiency in modifying thefirst processing rule in the forwarder by the controller. In addition,in a scenario in which only some action instructions need to be modifiedin the instruction set of the first processing rule, compared with theprior art, this manner can compete modification of the actioninstructions in the instruction set of the first processing rule byusing relatively fewer messages. Compared with the prior art, thismanner reduces a quantity of messages used for modifying the firstprocessing rule, and therefore reduces occupied communication resourcesbetween the controller and the forwarder.

Referring to FIG. 3, FIG. 3 is a schematic diagram of a secondembodiment of a processing rule modification method. The method includesthe following.

Step 301: A controller sends rule modification information to aforwarder, where the rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation, and the action instruction modification information is usedto instruct to modify an action instruction specified in an instructionset of the to-be-modified processing rule.

Therefore, when the forwarder determines that rule descriptioninformation of a first processing rule accords with the rule descriptionmatch information, the forwarder modifies an action instructionspecified in an instruction set of the first processing rule accordingto the action instruction modification information.

Optionally, before step 301, the method may further include: generating,by the controller, the rule modification information.

Details about how the controller generates the rule modificationinformation are not described herein.

In this embodiment, a controller sends rule modification information toa forwarder, where the rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation, and the action instruction modification information is usedto instruct to modify an action instruction specified in an instructionset of the to-be-modified processing rule. Therefore, for each firstprocessing rule whose rule description information accords with the ruledescription match information, the forwarder modifies an actioninstruction specified in an instruction set of the first processing ruleaccording to the action instruction modification information. Therefore,the forwarder no longer implements modification of the first processingrule only by using a manner similar to a manner in which an instructionset carried in a Flow_mod message is used to completely replace anoriginal instruction set of a flow entry. Instead, the forwarder canseparately modify a specified action and/or a specified action variableof the first processing rule. This manner of modifying the firstprocessing rule is flexible, and increases efficiency in modifying thefirst processing rule in the forwarder by the controller. In addition,in a scenario in which only some action instructions need to be modifiedin the instruction set of the first processing rule, compared with theprior art, this manner can compete modification of the actioninstructions in the instruction set of the first processing rule byusing relatively fewer messages. Compared with the prior art, thismanner reduces a quantity of messages used for modifying the firstprocessing rule, and therefore reduces occupied communication resourcesbetween the controller and the forwarder.

Referring to FIG. 4, FIG. 4 is a schematic diagram of a third embodimentof a processing rule modification method. The method includes thefollowing.

Step 401: A controller sends rule modification information to aforwarder, where the rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation, and the action instruction modification information is usedto instruct to modify an action instruction specified in an instructionset of the to-be-modified processing rule.

How the controller is triggered to modify a first processing rule, andhow the controller determines which action instructions of the firstprocessing rule need to be modified are not limited herein. For example,the controller may trigger modification of one or more first processingrules according to external conditions, such as reporting of a datapacket by the forwarder, a rule modification request from an upper-layermanagement system of the controller, or a virtual machine migrationnotification, or according to internal conditions, such as amodification timer timeout. For example, the controller may extract,from a header field of the data packet reported by the forwarder, orobtain, from information directly input on the upper-layer managementsystem, a first processing rule to be modified and a to-be-modifiedaction instruction in each first processing rule. Alternatively, thecontroller determines a first processing rule to be modified, ato-be-modified action or action variable in each first processing rule,and the like according to information such as a type of a data packetforwarded by the forwarder, subscription information of a user to whichthe forwarded data packet belongs, and network status.

How to implement transmission of the rule modification informationbetween the controller and the forwarder is not limited in the presentdisclosure. For example, in the OpenFlow protocol, this step may beimplemented by using an OF controller to send, to an OF, a flow_modmessage that carries the rule modification information. Alternatively,in another SDN network, this step may be implemented by using anothermessage between the controller and the forwarder, and the like.

The rule description information is used to identify the firstprocessing rule. For example, the rule description information may be aunique identifier that is allocated by the controller or the forwarderto the first processing rule. In some scenarios, for example in theOpenFlow protocol, the rule description information may be a match fieldof a flow entry. In this case, the rule description information mayfurther be used to determine a data packet corresponding to the firstprocessing rule, where the data packet corresponding to the firstprocessing rule accords with the rule description information.

The rule description match information may have differentimplementations in different application scenarios.

Example 1

In the OpenFlow protocol, the rule description match information may bea match rule carried in a Flow_mod message. The match rule may coverdifferent match field ranges and therefore indicate different flow entrysets according to whether the Flow_mod message carries a strict matchmodification identifier or a non-strict match modification identifier.

For example, the example in the Background section in which the matchrule matches the match fields in the flow entries.

Alternatively, for example, a match rule carried in the Flow_mod messageis: match rule={src_ip=ip1, dst_ip=ip2, protocol=ALL, port=ALL,tunnel_id=ALL}.

If the Flow_mod message carries the strict match modificationidentifier, a match field, in the forwarder, that is completely the sameas the foregoing match rule is a range covered by the match rule. If theFlow_mod message carries the non-strict match modification identifier, amatch field, in the forwarder, that includes the foregoing match rule isa range covered by the match rule.

Alternatively, for example, the match rule may use a wildcard of a MediaAccess Control (MAC)/Internet Protocol (IP)/Transmission ControlProtocol (TCP)/User Datagram Protocol (UDP) header field, or a cookiemask, or other manners, so that the match rule can cover match fields ofone or more flow entries. If the match rule is: match rule={src_ip=ip1,dst_ip=ip2, cookie=0x0031, cookie_mask=0xfffe}, the match rule may covermatch fields of all flow entries in which a source IP address and adestination IP address are specified addresses, and that follow thislogic: (flow entry:cookie&flow mod:cookie mask)==(Flow_mod:cookie&flowmod:cookie mask).

Example 2

It is assumed that the rule description information is implemented byusing a processing rule identifier that uniquely identifies the firstprocessing rule. The rule description match information may include oneor more rule identifiers, for example, the rule description matchinformation being {1, 3, 4}; or include a rule identifier mask, forexample, the rule description match information being {1x001,mask=0xfffe}; or include a rule identifier range, for example, the ruledescription match information being {Min=1, MAX=3}; or the like.

In actual application, the rule description match information may beflexibly implemented, and may be set according to an actual applicationenvironment, which is not limited herein.

The action instruction modification information may include an actioninstruction match condition and modification operation information,where the action instruction match condition is used to determine ato-be-modified action instruction, and the modification operationinformation is used to indicate a modification operation on theto-be-modified action instruction.

Specifically, the action instruction match condition may include thefollowing. Location information, where the location information is usedto indicate a location of the to-be-modified action instruction in theinstruction set of the to-be-modified processing rule; or instructiontype information, where the instruction type information is used toindicate an instruction type of the to-be-modified action instruction;or the to-be-modified action instruction.

The location information may include a first mask, where a location ofeach mask bit in the first mask corresponds to a location of each actioninstruction in the instruction set of the to-be-modified processingrule. Or, the location information may include a modification indicationlist, where the modification indication list includes a modificationindication, and a location of each modification indication in themodification indication list corresponds to a location of each actioninstruction in the instruction set of the to-be-modified processingrule, where the modification indication is used to indicate whether tomodify the action instruction.

The modification operation information may include a new actioninstruction; or parameter modification indication information, where theparameter modification indication information is used to instruct tomodify an action variable of the to-be-modified action instruction.

The parameter modification operation information may include a parametermatch condition and parameter modification operation information, wherethe parameter match condition is used to determine the to-be-modifiedaction variable in the to-be-modified action instruction, and theparameter modification operation information is used to instruct tomodify the to-be-modified action variable.

The parameter match condition may include the to-be-modified actionvariable; or an action variable and a modification indication bound tothe action variable, where the modification indication is used toindicate whether to modify the bound action variable.

The parameter modification operation information may include a newvariable value, or operational method information, where the operationalmethod information is used to indicate an operational method forobtaining a variable value.

An action variable of an action includes an action type and an actionparameter. The action parameter may include one or more parameters.

Step 402: The forwarder receives the rule modification information.

Step 403: When the forwarder determines that rule descriptioninformation of a first processing rule accords with the rule descriptionmatch information, the forwarder modifies an action instructionspecified in an instruction set of the first processing rule accordingto the action instruction modification information.

The following describes an implementation of this step in which theforwarder modifies the action instruction specified in the instructionset of the first processing rule according to the action instructionmodification information.

The action instruction modification information may include an actioninstruction match condition and modification operation information,where the action instruction match condition is used to determine ato-be-modified action instruction, and the modification operationinformation is used to indicate a modification operation on theto-be-modified action instruction.

That the forwarder modifies an action instruction specified in aninstruction set of the first processing rule according to the actioninstruction modification information may include determining, by theforwarder, a first action instruction to be modified in the instructionset of the first processing rule according to the action instructionmatch condition; and modifying, by the forwarder, the first actioninstruction according to the modification operation information.

The following exemplifies an implementation of the action instructionmatch condition.

1.1 The action instruction match condition may include locationinformation, and the location information is used to indicate a locationof the to-be-modified action instruction in the instruction set of theto-be-modified processing rule.

The determining, by the forwarder, a first action instruction to bemodified in the instruction set of the first processing rule accordingto the action instruction match condition may include: determining, bythe forwarder, the first action instruction according to the locationinformation.

In a first possible implementation manner, the location information mayinclude a first mask, where a location of each mask bit in the firstmask corresponds to a location of each action instruction in theinstruction set of the to-be-modified processing rule.

The determining, by the forwarder, the first action instructionaccording to the location information may include determining, by theforwarder, a mask bit being a preset value from the first mask; anddetermining, by the forwarder, the first action instruction according toa location of the mask bit being the preset value.

In actual application, a mask bit corresponding to the first actioninstruction is a first preset value, and values of other mask bits aredifferent from the first preset value.

For example, in an example in which this embodiment is applicable to theOpenFlow protocol, a Flow_mod message sent by an OF controller to an OFforwarder is as follows: Flow_mod={MODIFY, table id=1, match rule,Mask=0x001, Instructions {action3}

The location information is implemented by using a mask 0x001. If thefirst preset value is 1, only the last mask bit of the mask 0x001 is 1,which indicates that the last action instruction in an instruction setof a flow entry is a first action instruction.

In a second possible implementation manner, the location information mayinclude a modification indication list, where the modificationindication list includes a modification indication, and a location ofeach modification indication in the modification indication listcorresponds to a location of each action instruction in the instructionset of the to-be-modified processing rule, and the modificationindication is used to indicate whether to modify the action instruction.

The determining, by the forwarder, the first action instructionaccording to the location information may include determining, by theforwarder, a modification indication that is used to indicate actioninstruction modification in the modification indication list, anddetermining, by the forwarder according to a first location of themodification indication that is used to indicate action instructionmodification in the modification indication list, the first actioninstruction.

For example, in an example in which this embodiment is applicable to theOpenFlow protocol, a Flow_mod message sent by an OF controller to an OFforwarder is as follows: Flow_mod={MODIFY, table id=1, match rule,Instructions {(action1, 0), (action2, 1), (action3, 0)}}

An action 1, an action 2, and an action 3 carried in an instruction setof the Flow_mod message are modification operation information,specifically, new action instructions. This is not described herein butis described in detail in the following. 0 in (action1, 0) and (action3,0), and 1 in (action2, 1) are modification indications. It is assumedthat the modification indication 1 indicates modification of an actioninstruction corresponding to the modification indication, and themodification indication 0 indicates no modification of the actioninstruction corresponding to the modification indication. (action1, 0)is located at the first bit in the instruction set of the Flow_modmessage, and (action1, 0) corresponds to a first action instruction inan instruction set of a flow entry. However, the forwarder does notmodify the first action instruction in the instruction set of the flowentry because the modification indication is 0. Similarly, the forwardermodifies a second action instruction in the instruction set of the flowentry, but does not modify a third action instruction in the instructionset of the flow entry.

1.2 The action instruction match condition may include instruction typeinformation, and the instruction type information is used to indicate aninstruction type of the to-be-modified action instruction.

The determining, by the forwarder, a first action instruction to bemodified in the instruction set of the first processing rule accordingto the action instruction match condition may include determining, bythe forwarder, the first action instruction according to the instructiontype information.

For example, in an example in which this embodiment is applicable to theOpenFlow protocol, a Flow_mod message sent by an OF controller to an OFforwarder is as follows Flow_mod={MODIFY, table id, match rule,Type_Only, Instructions {action3}}

An action 3 is modification operation information, specifically, a newaction instruction. This is not described herein but is described indetail in the following. Type_Only is instruction type information andis used to indicate that an action type of a to-be-modified actioninstruction is the same as an action type of the modification operationinformation action 3. The forwarder determines an action instructionthat is in an instruction table of a flow entry and whose action type isthe same as the action type of the action3 as the first actioninstruction.

1.3 The action instruction match condition may include: theto-be-modified action instruction.

The determining, by the forwarder, a first action instruction to bemodified in the instruction set of the first processing rule accordingto the action instruction match condition may include determining, bythe forwarder, the first action instruction from the instruction set ofthe first processing rule according to the action instruction includedin the action instruction match condition.

For example, in an example in which this embodiment is applicable to theOpenFlow protocol, a Flow_mod message sent by an OF controller to an OFforwarder is as follows Flow_mod={MODIFY, table id, match rule,Instructions {(action1, action3), (action2, action4)}}

The former action instruction in each action instruction pair of actioninstruction pairs (action1, action3) and (action2, action4) is an actioninstruction match condition, and the latter action instruction ismodification operation information. Specifically, the former actioninstructions action 1 and action3 in the action instruction pairs(action1, action3) and (action2, action4) are to-be-modified actioninstructions. The forwarder separately determines an action 1 and anaction3 in an instruction set of a flow entry as a first actioninstruction.

Each action instruction in the foregoing example includes an action typeand an action parameter. For example, the action 1 is an action offorwarding a data packet from a port 1, and the action 1 may be: action(type=OUTPUT, port=1). The foregoing description of this embodiment isirrelevant to a specific implementation of each action instruction, andtherefore details are not provided herein.

The following exemplifies an implementation of the modificationoperation information.

2.1 The modification operation information may include a new actioninstruction.

The modifying, by the forwarder, the first action instruction accordingto the modification operation information may include changing, by theforwarder, the first action instruction to the new action instruction.

For example, in the foregoing examples shown in 1.2 and 1.3, themodification operation information is both implemented by using a newoperation instruction.

If a Flow_mod message sent by an OF controller to an OF forwarder is asfollows: Flow_mod={MODIFY, table id=1, match rule, Mask=0x001,Instructions {action3}, then modification operation information iscarried in an instruction set of the Flow_mod message and is an action3.The forwarder changes only a last action instruction in an instructionset of a flow entry to the new action instruction action3 in theFlow_mod message, and retains other action instructions in theinstruction set of the flow entry unchanged.

If a Flow_mod message sent by the OF controller to the OF forwarder isas follows: Flow_mod={MODIFY, table id=1, match rule, Instructions{(action1, 0), (action2, 1), (action3, 0)}}, where: an action 1, anaction 2, and an action3 carried in an instruction set of the Flow_modmessage are modification operation information, specifically, new actioninstructions; 0 in (action1, 0) and (action3, 0), and 1 in (action2, 1)are modification indications; (action1, 0) is located at the first bitin the instruction set of the Flow_mod message and corresponds to afirst action instruction in an instruction set of a flow entry; and themodification indication is 0; then the forwarder does not change thefirst action instruction in the instruction set of the flow entry to theaction 1. Similarly, the forwarder changes a second action instructionin the instruction set of the flow entry to the action 2, but does notchange a third action instruction in the instruction set of the flowentry to the action3.

If a Flow_mod message sent by the OF controller to the OF forwarder isas follows: Flow_mod={MODIFY, table id, match rule, Type_Only,Instructions {action3}}, where an action3 is modification operationinformation, specifically, a new action instruction, then the forwarderchanges action instructions that are in an instruction table of a flowentry and whose action types are the same as the action type of theaction3 to the action3, and retains other action instructions unchanged.

If a Flow_mod message sent by the OF controller to the OF forwarder isas follows: Flow_mod={MODIFY, table id, match rule, Instructions{(action1, action3), (action2, action4)}}, where the former actioninstruction in each action instruction pair of action instruction pairs(action1, action3) and (action2, action4) is an action instruction matchcondition, and the latter action instruction is modification operationinformation, specifically, the forwarder changes an action 1 in aninstruction set of a flow entry to the action3, changes an action 2 tothe action4, and retains other action instructions unchanged.

2.2 The modification operation information may include parametermodification indication information, and the parameter modificationindication information is used to instruct to modify an action variableof the to-be-modified action instruction.

The modifying, by the forwarder, the first action instruction accordingto the modification operation information includes modifying, by theforwarder, an action variable of the first action instruction accordingto the parameter modification indication information.

The parameter modification indication information may include aparameter match condition and parameter modification operationinformation, where the parameter match condition is used to determinethe to-be-modified action variable in the to-be-modified actioninstruction, and the parameter modification operation information isused to instruct to modify the to-be-modified action variable.

The modifying, by the forwarder, an action variable of the first actioninstruction according to the parameter modification indicationinformation may include determining, by the forwarder, a first actionvariable to be modified in the first action instruction according to theparameter match condition; and modifying, by the forwarder, the firstaction variable according to the parameter modification operationinformation.

In a first possible implementation manner, the parameter match conditionmay include the to-be-modified action variable.

The determining, by the forwarder, a first action variable to bemodified in the first action instruction according to the parametermatch condition may include determining, by the forwarder, the firstaction variable to be modified in the first action instruction accordingto the action variable in the parameter match condition.

For example, in an example in which this embodiment is applicable to theOpenFlow protocol, a Flow_mod message sent by an OF controller to an OFforwarder is as follows Flow_mod={MODIFY, table id=1, match rule,Instructions [action1 (MBR=3 Mbps]}

An action parameter MBR is used as the parameter match condition.

In a second possible implementation manner, the parameter matchcondition may include an action variable and a modification indicationbound to the action variable.

The determining, by the forwarder, a first action variable to bemodified in the first action instruction according to the parametermatch condition may include determining, by the forwarder, the firstaction variable to be modified in the first action instruction accordingto the action variable and the modification indication bound to theaction variable.

For example, a Flow_mod message sent by the OF controller to the OFforwarder is as follows: Flow_mod={MODIFY, table id=1, match rule,Instructions [action1 ((MBR=3 Mbps, para_modify_ind=false), (GBR=1 Mbps,para_modify_ind=true)), action2 ((port=1, para_modify_ind=false))]}

Action parameters MBR and GBR and a modification indicationpara_modify_ind bound to them are used as the parameter match condition.It is assumed that para_modify_ind=false indicates no modification of anaction variable, and para_modify_ind=true indicates modification of anaction variable. The forwarder determines an action parameter GBR of anaction 1 in an instruction table of a flow entry as the first actionvariable.

In a first possible implementation manner, the parameter modificationoperation information may include a new variable value.

The modifying, by the forwarder, the first action variable according tothe parameter modification operation information may include changing,by the forwarder, a variable value of the first action variable to thenew variable value.

For example, in an example in which this embodiment is applicable to theOpenFlow protocol, a Flow_mod message sent by the OF controller to theOF forwarder is as follows: Flow_mod={MODIFY, table id=1, match rule,Instructions [action1 (MBR=3 Mbps]}

An action instruction action 1 is a first action instruction, an actionvariable MBR is a parameter match condition, and parameter modificationoperation information is a new variable value 3 Mbps. The forwarderchanges an action parameter MBR of an action instruction action 1 in aninstruction set of a flow entry to 3 Mbps.

In a second possible implementation manner, the parameter modificationoperation information may include operational method information, andthe operational method information is used to indicate an operationalmethod for obtaining a variable value.

The modifying, by the forwarder, the first action variable according tothe parameter modification operation information may include obtaining,by the forwarder, a new variable value according to the operationalmethod information; and changing, by the forwarder, a variable value ofthe first action variable to the new variable value.

For example, the operational method information may include a secondmask and a target value corresponding to a to-be-modified variable bit.Each mask bit of the second mask corresponds to each variable bit of thevariable value of the first action variable. A mask bit corresponding tothe to-be-modified variable bit is a second preset value. Values ofother mask bits are different from the second preset value.

The obtaining, by the forwarder, a new variable value according to theoperational method information may include determining, by theforwarder, a variable bit of the variable value of the first actionvariable corresponding to the mask bit being the second preset value asthe to-be-modified variable bit. The obtaining may also includemodifying, by the forwarder, a value of the to-be-modified variable bitto the target value corresponding to the variable bit, to obtain a newvariable value.

Example 1

in an example in which this embodiment is applicable to the OpenFlowprotocol, a Flow_mod message sent by the OF controller to the OFforwarder is as follows: Flow_mod={MODIFY, table id=1, match rule,Instructions [action1 (type=PUSH_TUNNEL, tunnel_id=0xffff, mask=0x0000),action2 (type=OUTPUT, port=1, mask=0xfffe)]}

Second masks in operational method information are respectivelymask=0x0000 in an action 1 and mask=0xfffe in an action 2. If a mask bitbeing 0 indicates modification of a corresponding variable bit, and amask bit being 1 indicates no modification of a corresponding variablebit; then 0x0000 indicates modification of each variable bit, and 0xfffeindicates modification only of the last variable bit. The forwarderchanges a parameter value of an action parameter tunnel_id of an action1 in an instruction set of a flow entry to 0xffff, and changes the lastparameter bit of a parameter value of an action parameter port of anaction 2 to 1.

Example 2

ORIGIN_TUNNEL_ID indicates retaining of an original tunnel identifier(ORIGIN_TUNNEL_ID). DEC(ORGIN_PORT) indicates an operation ofsubtracting 1 from an original variable value of an original port number(ORGIN_PORT), where a result is used as a new variable value.INC(ORGIN_PORT) indicates an operation of adding 1 to an originalvariable value of an original port number, where a result is used as anew variable value. MUL(ORIGIN_GBR, 2) indicates an operation ofmultiplying an original variable value of original GBR(ORIGIN_GBR) by 2,where a result is used as a new variable value. DEC, INC, and MUL(variable, 2) are the operational method.

Step 404: The forwarder receives a to-be-forwarded data packet, andforwards the data packet according to the modified first processingrule.

Details about how the forwarder forwards the data packet according tothe first processing rule are not described herein.

Optionally, in this embodiment, the forwarder may send modificationresult indication information to the controller according to amodification result of a specified action instruction. The modificationresult indication information may include indication information of aprocessing rule modification result and/or indication information of anaction modification result. The indication information of a processingrule modification result may be used to indicate a modification resultof the first processing rule. The indication information of an actionmodification result may be used to indicate a modification result of thespecified action instruction.

For example, when the forwarder successfully modifies the specifiedaction instruction according to the action instruction modificationinformation, the indication information of a processing rulemodification result may include a first success indication and ruledescription information of the first processing rule that issuccessfully modified; the indication information of an actionmodification result may include a second success indication and theaction instruction that is successfully modified. Alternatively, whenthe forwarder unsuccessfully modifies a specified action variableaccording to the action instruction modification information, theindication information of a processing rule modification result mayinclude a first failure indication and rule description information ofthe first processing rule that is unsuccessfully modified; actionfailure indication information may include a second failure indicationand the action variable that is unsuccessfully modified. The firstsuccess indication and the second success indication may be the same ordifferent. The first failure indication and the second failureindication may be the same or different.

In actual application, when the forwarder successfully modifies thespecified action instruction according to the action instructionmodification information, the forwarder may not report the modificationresult indication information. When the forwarder unsuccessfullymodifies the specified action instruction according to the actioninstruction modification information, the forwarder reports themodification result indication information. The present disclosure setsno limit thereto.

In addition, the forwarder may send modification results of differentfirst processing rules and/or different action instructions to thecontroller by using different modification result indicationinformation, the forwarder may also send different modification results(success and failure) to the controller by using different modificationresult indication information, and the like. An implementation of themodification result indication information is not limited in the presentdisclosure. The modification result indication information may beflexibly implemented in actual application.

There may be many reasons why the specified action instruction isunsuccessfully modified. For example, when this embodiment is applicableto the OpenFlow protocol, an action in an instruction set of a flowentry may not match a quantity of actions in a Flow_mod message sent byan OF controller, or a specified action variable in a Flow_mod messageand an action variable in an instruction set of a flow entry are indifferent formats, or an OF forwarder incorrectly performs an operationon a variable value of an action variable in an instruction set of aflow entry, for example, an operation result of a port number is anegative value, or an OF forwarder cannot perform an operation ormodification on an action parameter of a flow entry, or the like.

When this embodiment is applicable to the OpenFlow protocol, themodification result indication information may be implemented by usingan ACTION PARA ERROR message.

In this embodiment, a controller sends rule modification information toa forwarder, where the rule modification information includes ruledescription match information and action instruction modificationinformation, where the rule description match information is used todetermine a to-be-modified processing rule, rule description informationof the to-be-modified processing rule accords with the rule descriptionmatch information, and the action instruction modification informationis used to instruct to modify an action instruction specified in aninstruction set of the to-be-modified processing rule. Therefore, foreach first processing rule whose rule description information accordswith the rule description match information, the forwarder modifies anaction instruction specified in an instruction set of the firstprocessing rule according to the action instruction modificationinformation. Therefore, the forwarder no longer implement modificationof the first processing rule only by using a manner similar to a mannerin which an instruction set carried in a Flow_mod message is used tocompletely replace an original instruction set of a flow entry. Instead,the forwarder can separately modify a specified action and/or aspecified action variable of the first processing rule. This manner ofmodifying the first processing rule is flexible, and increasesefficiency in modifying the first processing rule in the forwarder bythe controller. In addition, in a scenario in which only some actioninstructions need to be modified in the instruction set of the firstprocessing rule, compared with the prior art, this manner can competemodification of the action instructions in the instruction set of thefirst processing rule by using relatively fewer messages. Compared withthe prior art, this manner reduces a quantity of messages used formodifying the first processing rule, and therefore reduces occupiedcommunication resources between the controller and the forwarder.

Referring to FIG. 5, FIG. 5 is a schematic diagram of a first embodimentof a processing rule modification apparatus 500. The apparatus may beapplicable to a forwarder. The modification apparatus stores a firstprocessing rule, where the first processing rule includes ruledescription information and an instruction set, the rule descriptioninformation is used to identify the first processing rule, theinstruction set includes at least one action instruction, and theinstruction set is used to instruct to perform, according to the actioninstruction in the instruction set, processing on a data packetcorresponding to the first processing rule. The apparatus 500 includes areceiving unit 510, configured to receive rule modification informationsent by a controller. The rule modification information includes ruledescription match information and action instruction modificationinformation. The rule description match information is used to determinea to-be-modified processing rule. Rule description information of theto-be-modified processing rule accords with the rule description matchinformation. The action instruction modification information is used toinstruct to modify an action instruction specified in an instruction setof the to-be-modified processing rule. The apparatus 500 also includes amodification unit 520, configured to modify an action instructionspecified in the instruction set of the first processing rule accordingto the action instruction modification information received by thereceiving unit 510 when it is determined that the rule descriptioninformation of the first processing rule accords with the ruledescription match information received by the receiving unit 510.

Optionally, the action instruction modification information may includean action instruction match condition and modification operationinformation, where the action instruction match condition is used todetermine a to-be-modified action instruction, and the modificationoperation information is used to indicate a modification operation onthe to-be-modified action instruction.

The modification unit 520 may include an instruction determining subunitconfigured to determine a first action instruction to be modified in theinstruction set of the first processing rule according to the actioninstruction match condition when it is determined that the ruledescription information of the first processing rule accords with therule description match information received by the receiving unit. Themodification unit 520 may further include a modification subunit,configured to modify the first action instruction according to themodification operation information.

Optionally, the action instruction match condition may include locationinformation, and the location information is used to indicate a locationof the to-be-modified action instruction in the instruction set of theto-be-modified processing rule.

The instruction determining subunit may be configured to determine thefirst action instruction according to the location information when itis determined that the rule description information of the firstprocessing rule accords with the rule description match informationreceived by the receiving unit.

Optionally, the location information may include a first mask, where alocation of each mask bit in the first mask corresponds to a location ofeach action instruction in the instruction set of the to-be-modifiedprocessing rule.

The instruction determining subunit may be configured to determine amask bit being a preset value from the first mask; and determine thefirst action instruction according to a location of the mask bit beingthe preset value when it is determined that the rule descriptioninformation of the first processing rule accords with the ruledescription match information received by the receiving unit.

Optionally, the location information may include a modificationindication list, where the modification indication list includes amodification indication, and a location of each modification indicationin the modification indication list corresponds to a location of eachaction instruction in the instruction set of the to-be-modifiedprocessing rule, where the modification indication is used to indicatewhether to modify the action instruction.

The instruction determining subunit may be configured to: when it isdetermined that the rule description information of the first processingrule accords with the rule description match information received by thereceiving unit, determine a modification indication that is used toindicate action instruction modification, and determine, according to afirst location of the modification indication that is used to indicateaction instruction modification in the modification indication list, thefirst action instruction corresponding to the first location.

Optionally, the action instruction match condition may include:instruction type information, and the instruction type information isused to indicate an instruction type of the to-be-modified actioninstruction.

The instruction determining subunit may be configured to determine thefirst action instruction according to the instruction type informationwhen it is determined that the rule description information of the firstprocessing rule accords with the rule description match informationreceived by the receiving unit.

Optionally, the modification operation information may include: a newaction instruction.

The modification subunit may be configured to change the first actioninstruction to the new action instruction.

Optionally, the modification operation information may include parametermodification indication information, and the parameter modificationindication information is used to instruct to modify an action variableof the to-be-modified action instruction.

The modification subunit may be configured to modify an action variableof the first action instruction according to the parameter modificationindication information.

Optionally, the parameter modification indication information mayinclude a parameter match condition and parameter modification operationinformation, where the parameter match condition is used to determinethe to-be-modified action variable in the to-be-modified actioninstruction, and the parameter modification operation information isused to instruct to modify the to-be-modified action variable.

The modification subunit may include a determining module, configured todetermine a first action variable to be modified in the first actioninstruction according to the parameter match condition; and amodification module, configured to modify the first action variableaccording to the parameter modification operation information.

Optionally, the parameter modification operation information may includea new variable value.

The modification module may be configured to change a variable value ofthe first action variable to the new variable value.

Optionally, the parameter modification operation information may includeoperational method information, and the operational method informationis used to indicate an operational method for obtaining a variablevalue.

The modification module may be configured to obtain a new variable valueaccording to the operational method information; and change a variablevalue of the first action variable to the new variable value.

Optionally, the receiving unit 510 may be configured to receive a flowmodification Flow_mod message sent by the controller, where the Flow_modmessage carries the rule modification information.

In this embodiment, a forwarder receives rule modification informationsent by a controller, where the rule modification information includesrule description match information and action instruction modificationinformation, where the rule description match information is used todetermine a to-be-modified processing rule, rule description informationof the to-be-modified processing rule accords with the rule descriptionmatch information, and the action instruction modification informationis used to instruct to modify an action instruction specified in aninstruction set of the to-be-modified processing rule. Therefore, foreach first processing rule whose rule description information accordswith the rule description match information, the forwarder modifies anaction instruction specified in an instruction set of the firstprocessing rule according to the action instruction modificationinformation. Therefore, the forwarder no longer implements modificationof the first processing rule only by using a manner similar to a mannerin which an instruction set carried in a Flow_mod message is used tocompletely replace an original instruction set of a flow entry. Instead,the forwarder can separately modify a specified action and/or aspecified action variable of the first processing rule. This manner ofmodifying the first processing rule is flexible, and increasesefficiency in modifying the first processing rule in the forwarder bythe controller. In addition, in a scenario in which only some actioninstructions need to be modified in the instruction set of the firstprocessing rule, compared with the prior art, this manner can competemodification of the action instructions in the instruction set of thefirst processing rule by using relatively fewer messages. Compared withthe prior art, this manner reduces a quantity of messages used formodifying the first processing rule, and therefore reduces occupiedcommunication resources between the controller and the forwarder.

Referring to FIG. 6, FIG. 6 is a schematic diagram of a secondembodiment of a processing rule modification apparatus 600. Theapparatus is applicable to a controller that communicates with aforwarder. The forwarder stores a first processing rule, where the firstprocessing rule includes rule description information and an instructionset, the rule description information is used to identify the firstprocessing rule, the instruction set includes at least one actioninstruction, and the instruction set is used to instruct to perform,according to the action instruction in the instruction set, processingon a data packet corresponding to the first processing rule. Theapparatus 600 includes a generation unit 610, configured to generaterule modification information; and a sending unit 620. The sending unit620 is configured to send, to the forwarder, the rule modificationinformation generated by the generation unit 610. The rule modificationinformation includes rule description match information and actioninstruction modification information, where the rule description matchinformation is used to determine a to-be-modified processing rule. Ruledescription information of the to-be-modified processing rule accordswith the rule description match information, and the action instructionmodification information is used to instruct to modify an actioninstruction specified in an instruction set of the to-be-modifiedprocessing rule, so that when the forwarder determines that the ruledescription information of the first processing rule accords with therule description match information, the forwarder modifies an actioninstruction specified in the instruction set of the first processingrule according to the action instruction modification information.

Optionally, the sending unit 620 may be configured to send a flowmodification Flow_mod message to the forwarder, where the Flow_modmessage carries the rule modification information.

In this embodiment, a controller sends rule modification information toa forwarder, where the rule modification information includes ruledescription match information and action instruction modificationinformation, where the rule description match information is used todetermine a to-be-modified processing rule, rule description informationof the to-be-modified processing rule accords with the rule descriptionmatch information, and the action instruction modification informationis used to instruct to modify an action instruction specified in aninstruction set of the to-be-modified processing rule. Therefore, foreach first processing rule whose rule description information accordswith the rule description match information, the forwarder modifies anaction instruction specified in an instruction set of the firstprocessing rule according to the action instruction modificationinformation. Therefore, the forwarder no longer implements modificationof the first processing rule only by using a manner similar to a mannerin which an instruction set carried in a Flow_mod message is used tocompletely replace an original instruction set of a flow entry. Instead,the forwarder can separately modify a specified action and/or aspecified action variable of the first processing rule. This manner ofmodifying the first processing rule is flexible, and increasesefficiency in modifying the first processing rule in the forwarder bythe controller. In addition, in a scenario in which only some actioninstructions need to be modified in the instruction set of the firstprocessing rule, compared with the prior art, this manner can competemodification of the action instructions in the instruction set of thefirst processing rule by using relatively fewer messages. Compared withthe prior art, this manner reduces a quantity of messages used formodifying the first processing rule, and therefore reduces occupiedcommunication resources between the controller and the forwarder.

Referring to FIG. 7, FIG. 7 is a schematic diagram of a structure of aforwarder 700. The forwarder 700 includes a processor 710, a memory 720,a transceiver 730, and a bus 740.

The processor 710, the memory 720, and the transceiver 730 are connectedto each other by using the bus 740. The bus 740 may be an ISA bus, a PCIbus, an EISA bus, or the like. The bus may be classified into an addressbus, a data bus, a control bus, and the like. For ease of presentation,the bus is indicated by using only one bold line in FIG. 7. However, itdoes not indicate that there is only one bus or only one type of bus.

The memory 720 is configured to store a program, and is furtherconfigured to store a first processing rule, where the first processingrule includes rule description information and an instruction set, therule description information is used to identify the first processingrule, the instruction set includes at least one action instruction, andthe instruction set is used to instruct to perform, according to theaction instruction in the instruction set, processing on a data packetcorresponding to the first processing rule. Specifically, the programmay include program code, where the program code includes a computeroperation instruction. The memory 720 may include a high-speed RAM, andmay further include a non-volatile memory, for example, at least onemagnetic disk memory.

The transceiver 730 is configured to connect other devices andcommunicate with the devices. The transceiver 730 is configured toreceive rule modification information sent by a controller, where therule modification information includes rule description matchinformation and action instruction modification information, where therule description match information is used to determine a to-be-modifiedprocessing rule, rule description information of the to-be-modifiedprocessing rule accords with the rule description match information, andthe action instruction modification information is used to instruct tomodify an action instruction specified in an instruction set of theto-be-modified processing rule.

The processor 710 executes the program code and is configured to: whenit is determined that the rule description information of the firstprocessing rule accords with the rule description match informationreceived by the transceiver 730, modify, according to the actioninstruction modification information received by the transceiver 730, anaction instruction specified in the instruction set of the firstprocessing rule that is stored in the memory 720.

Optionally, the action instruction modification information may includean action instruction match condition and modification operationinformation, where the action instruction match condition is used todetermine a to-be-modified action instruction, and the modificationoperation information is used to indicate a modification operation onthe to-be-modified action instruction.

The processor 710 may be configured to determine a first actioninstruction to be modified in the instruction set of the firstprocessing rule according to the action instruction match condition, andmodify the first action instruction according to the modificationoperation information.

Optionally, the action instruction match condition may include locationinformation, and the location information is used to indicate a locationof the to-be-modified action instruction in the instruction set of theto-be-modified processing rule.

The processor 710 may be configured to determine the first actioninstruction according to the location information.

Optionally, the location information may include a first mask, where alocation of each mask bit in the first mask corresponds to a location ofeach action instruction in the instruction set of the to-be-modifiedprocessing rule.

The processor 710 may be configured to determine a mask bit being apreset value from the first mask, and determine the first actioninstruction according to a location of the mask bit being the presetvalue.

Optionally, the location information may include a modificationindication list, where the modification indication list includes amodification indication, and a location of each modification indicationin the modification indication list corresponds to a location of eachaction instruction in the instruction set of the to-be-modifiedprocessing rule, and the modification indication is used to indicatewhether to modify the action instruction.

The processor 710 may be configured to determine a modificationindication that is used to indicate action instruction modification inthe modification indication list, and determine, according to a firstlocation of the modification indication that is used to indicate actioninstruction modification in the modification indication list, the firstaction instruction.

Optionally, the action instruction match condition may include:instruction type information, and the instruction type information isused to indicate an instruction type of the to-be-modified actioninstruction.

The processor 710 may be configured to determine the first actioninstruction according to the instruction type information.

Optionally, the modification operation information may include: a newaction instruction.

The processor 710 may be configured to change the first actioninstruction to the new action instruction.

Optionally, the modification operation information may include parametermodification indication information, and the parameter modificationindication information is used to instruct to modify an action variableof the to-be-modified action instruction.

The processor 710 may be configured to modify an action variable of thefirst action instruction according to the parameter modificationindication information.

Optionally, the parameter modification indication information mayinclude a parameter match condition and parameter modification operationinformation, where the parameter match condition is used to determinethe to-be-modified action variable in the to-be-modified actioninstruction, and the parameter modification operation information isused to instruct to modify the to-be-modified action variable.

The processor 710 may be configured to determine a first action variableto be modified in the first action instruction according to theparameter match condition, and modify the first action variableaccording to the parameter modification operation information.

Optionally, the parameter modification operation information may includea new variable value.

The processor 710 may be configured to change a variable value of thefirst action variable to the new variable value.

Optionally, the parameter modification operation information may includeoperational method information, and the operational method informationis used to indicate an operational method for obtaining a variablevalue.

The processor 710 may be configured to obtain a new variable valueaccording to the operational method information, and change a variablevalue of the first action variable to the new variable value.

Optionally, the transceiver 730 may be configured to receive a flowmodification Flow_mod message sent by the controller, where the Flow_modmessage carries the rule modification information.

In this embodiment, a forwarder receives rule modification informationsent by a controller, where the rule modification information includesrule description match information and action instruction modificationinformation, where the rule description match information is used todetermine a to-be-modified processing rule, rule description informationof the to-be-modified processing rule accords with the rule descriptionmatch information, and the action instruction modification informationis used to instruct to modify an action instruction specified in aninstruction set of the to-be-modified processing rule. Therefore, foreach first processing rule whose rule description information accordswith the rule description match information, the forwarder modifies anaction instruction specified in an instruction set of the firstprocessing rule according to the action instruction modificationinformation. Therefore, the forwarder no longer implements modificationof the first processing rule only by using a manner similar to a mannerin which an instruction set carried in a Flow_mod message is used tocompletely replace an original instruction set of a flow entry. Instead,the forwarder can separately modify a specified action and/or aspecified action variable of the first processing rule. This manner ofmodifying the first processing rule is flexible, and increasesefficiency in modifying the first processing rule in the forwarder bythe controller. In addition, in a scenario in which only some actioninstructions need to be modified in the instruction set of the firstprocessing rule, compared with the prior art, this manner can competemodification of the action instructions in the instruction set of thefirst processing rule by using relatively fewer messages. Compared withthe prior art, this manner reduces a quantity of messages used formodifying the first processing rule, and therefore reduces occupiedcommunication resources between the controller and the forwarder.

Referring to FIG. 8, FIG. 8 is a schematic diagram of a structure of acontroller 800. The controller 800 includes a processor 810, a memory820, a transceiver 830, and a bus 840.

The processor 810, the memory 820, and the transceiver 830 are connectedto each other by using the bus 840. The bus 840 may be an ISA bus, a PCIbus, an EISA bus, or the like. The bus may be classified into an addressbus, a data bus, a control bus, and the like. For ease of presentation,the bus is indicated by using only one bold line in FIG. 8. However, itdoes not indicate that there is only one bus or only one type of bus.

The memory 820 is configured to store a program. Specifically, theprogram may include program code, where the program code includes acomputer operation instruction. The memory 820 may include a high-speedRAM, and may further include a non-volatile memory, for example, atleast one magnetic disk memory.

The processor 810 is configured to execute the program code.

The transceiver 830 is configured to connect other devices andcommunicate with the devices. The transceiver 830 is configured to sendrule modification information to a forwarder, where the rulemodification information includes rule description match information andaction instruction modification information, where the rule descriptionmatch information is used to determine a to-be-modified processing rule,rule description information of the to-be-modified processing ruleaccords with the rule description match information, and the actioninstruction modification information is used to instruct to modify anaction instruction specified in an instruction set of the to-be-modifiedprocessing rule, so that when the forwarder determines that ruledescription information of a first processing rule accords with the ruledescription match information, the forwarder modifies an actioninstruction specified in an instruction set of the first processing ruleaccording to the action instruction modification information.

The forwarder stores the first processing rule, where the firstprocessing rule includes the rule description information and theinstruction set, the rule description information is used to identifythe first processing rule, the instruction set includes at least oneaction instruction, and the instruction set is used to instruct toperform, according to the action instruction in the instruction set,processing on a data packet corresponding to the first processing rule.

Optionally, the transceiver 830 may be configured to send a Flow_modmessage to the forwarder, where the Flow_mod message carries the rulemodification information.

Optionally, the processor 810 may be further configured to generate therule modification information and send the generated rule modificationinformation to the transceiver 830.

In this embodiment, a controller sends rule modification information toa forwarder, where the rule modification information includes ruledescription match information and action instruction modificationinformation, where the rule description match information is used todetermine a to-be-modified processing rule, rule description informationof the to-be-modified processing rule accords with the rule descriptionmatch information, and the action instruction modification informationis used to instruct to modify an action instruction specified in aninstruction set of the to-be-modified processing rule. Therefore, foreach first processing rule whose rule description information accordswith the rule description match information, the forwarder modifies anaction instruction specified in an instruction set of the firstprocessing rule according to the action instruction modificationinformation. Therefore, the forwarder no longer implements modificationof the first processing rule only by using a manner similar to a mannerin which an instruction set carried in a Flow_mod message is used tocompletely replace an original instruction set of a flow entry. Instead,the forwarder can separately modify a specified action and/or aspecified action variable of the first processing rule. This manner ofmodifying the first processing rule is flexible, and increasesefficiency in modifying the first processing rule in the forwarder bythe controller. In addition, in a scenario in which only some actioninstructions need to be modified in the instruction set of the firstprocessing rule, compared with the prior art, this manner can competemodification of the action instructions in the instruction set of thefirst processing rule by using relatively fewer messages. Compared withthe prior art, this manner reduces a quantity of messages used formodifying the first processing rule, and therefore reduces occupiedcommunication resources between the controller and the forwarder.

A person skilled in the art may clearly understand that, thetechnologies in the embodiments may be implemented by software inaddition to a necessary general hardware platform. Based on such anunderstanding, the technical solutions of the present disclosureessentially or the part contributing to the prior art may be implementedin a form of a software product. The software product is stored in astorage medium, such as a ROM/RAM, a magnetic disk, or an optical disc,and includes several instructions for instructing a computer device(which may be a personal computer, a server, or a network device) toperform the methods described in the embodiments or some parts of theembodiments.

The embodiments in this specification are all described in a progressivemanner, for same or similar parts in the embodiments, reference may bemade to these embodiments, and each embodiment focuses on a differencefrom other embodiments. Especially, a system embodiment is basicallysimilar to a method embodiment, and therefore is described briefly; forrelated parts, reference may be made to partial descriptions in themethod embodiment.

The foregoing descriptions are implementation manners of the presentdisclosure, but are not intended to limit the protection scope of thepresent disclosure. Any modification, equivalent replacement, andimprovement made without departing from the principle of the presentdisclosure shall fall within the protection scope of the presentdisclosure.

1. A method for modifying a processing rule, comprising: receiving, by aforwarder, rule modification information from a controller, wherein therule modification information includes a rule identifier andmodification information of an action instruction; identifying, by theforwarder, a first processing rule by the rule identifier, wherein thefirst processing rule comprises a first instruction set, and the firstinstruction set comprises a plurality of action instructions to beperformed on a data packet; and modifying, by the forwarder, a firstaction instruction of the first instruction set of the first processingrule according to the modification information of the actioninstruction.
 2. The method according to claim 1, wherein themodification information of the action instruction includes parametermodification information; and wherein modifying, by the forwarder, thefirst action instruction of the first processing rule according to themodification information of the action instruction comprises modifying,by the forwarder, a first action variable of the first actioninstruction according to the parameter modification information.
 3. Themethod according to claim 2, wherein the modification information of theaction instruction further includes an indication of a to-be-modifiedaction instruction or instruction type information; and wherein theindication of the to-be-modified action instruction or the instructiontype information identifies the first action instruction.
 4. The methodaccording to claim 3, wherein the parameter modification informationincludes a new variable value; and wherein modifying, by the forwarder,the first action variable of the first action instruction according tothe parameter modification information comprises setting, by theforwarder, a value of the first action variable to the new variablevalue.
 5. The method according to claim 4, wherein the parametermodification information further includes an indication of ato-be-modified action variable, wherein the indication of theto-be-modified action variable identifies the first action variable. 6.A method for modifying a processing rule, comprising: generating, by acontroller, rule modification information; and sending, by thecontroller, the rule modification information to a forwarder; whereinthe rule modification information includes a rule identifier andmodification information of an action instruction, the rule identifieridentifies a first processing rule that comprises a first instructionset of a plurality of action instructions to be performed on a datapacket; and wherein the modification information of an actioninstruction indicates a first action instruction of the plurality ofaction instructions in the first instruction set of the first processingrule, a first action variable of the first action instruction, and a newvariable value of the first action variable.
 7. The method according toclaim 6, wherein the modification information of the action instructionincludes parameter modification information; and wherein the parametermodification information indicates the first action variable of thefirst action instruction and the new variable value of the first actionvariable.
 8. The method according to claim 7, wherein the parametermodification information includes the new variable value.
 9. The methodaccording to claim 8, wherein the parameter modification informationfurther includes an indication of a to-be-modified action variable; andwherein the indication of the to-be-modified action variable identifiesthe first action variable.
 10. The method according to claim 9, whereinthe modification information of an action instruction further includesan indication of a to-be-modified action instruction or action typeinformation; and wherein the indication of the to-be-modified actioninstruction or the action type information identifies the first actioninstruction.
 11. A forwarder apparatus, comprising: a processor; and anon-transitory computer-readable storage medium storing a program to beexecuted by the processor, the program including instructions for:receiving rule modification information from a controller, wherein therule modification information includes a rule identifier andmodification information of an action instruction; identifying a firstprocessing rule by the rule identifier, wherein the first processingrule comprises a first instruction set, and the first instruction setcomprises a plurality of action instructions to be performed on a datapacket; and modifying a first action instruction of the firstinstruction set of the first processing rule according to themodification information of the action instruction.
 12. The forwarderapparatus according to claim 11, wherein the modification information ofthe action instruction includes parameter modification information; andwherein the instructions for modifying the first action instruction ofthe first processing rule according to the modification information ofthe action instruction comprise instructions for modifying a firstaction variable of the first action instruction according to theparameter modification information.
 13. The forwarder apparatusaccording to claim 12, wherein the modification information of theaction instruction further includes an indication of a to-be-modifiedaction instruction or instruction type information; and wherein theindication of the to-be-modified action instruction or the instructiontype information identifies the first action instruction.
 14. Theforwarder apparatus according to claim 13, wherein the parametermodification information includes a new variable value; and wherein theinstructions for modifying the first action variable of the first actioninstruction according to the parameter modification informationcomprises the instructions for setting the value of the first actionvariable to the new variable value.
 15. The forwarder apparatusaccording to claim 14, wherein the parameter modification informationfurther includes an indication of a to-be-modified action variable andwherein the indication of the to-be-modified action variable identifiesthe first action variable.
 16. A controller apparatus, comprising: aprocessor; and a non-transitory computer-readable storage medium storinga program to be executed by the processor, the program includinginstructions for: generating rule modification information; sending therule modification information to a forwarder; wherein the rulemodification information includes a rule identifier and modificationinformation of an action instruction, the rule identifier identifies afirst processing rule that comprises a first instruction set, and thefirst instruction set comprises a plurality of action instructions to beperformed on a data packet; and wherein the modification information ofthe action instruction indicates a first action instruction of theplurality of action instructions in the first instruction set of thefirst processing rule, a first action variable of the first actioninstruction, and a new variable value of the first action variable. 17.The controller apparatus according to claim 16, wherein the modificationinformation of the action instruction includes parameter modificationinformation; and wherein the parameter modification informationindicates the first action variable of the first action instruction andthe new variable value of the first action variable.
 18. The controllerapparatus according to claim 17, wherein the parameter modificationinformation includes the new variable value.
 19. The controllerapparatus according to claim 18, wherein the parameter modificationinformation further includes an indication of a to-be-modified actionvariable; and wherein the indication of the to-be-modified actionvariable identifies the first action variable.
 20. The controllerapparatus according to claim 19, wherein the modification information ofthe action instruction further includes an indication of ato-be-modified action instruction or action type information; andwherein the indication of the to-be-modified action instruction or theaction type information identifies the first action instruction.